WO2004031898A3 - Vulnerability management and tracking system (vmts) - Google Patents

Vulnerability management and tracking system (vmts) Download PDF

Info

Publication number
WO2004031898A3
WO2004031898A3 PCT/US2003/030365 US0330365W WO2004031898A3 WO 2004031898 A3 WO2004031898 A3 WO 2004031898A3 US 0330365 W US0330365 W US 0330365W WO 2004031898 A3 WO2004031898 A3 WO 2004031898A3
Authority
WO
WIPO (PCT)
Prior art keywords
vmts
tracking system
vulnerability
vulnerability management
vulnerable
Prior art date
Application number
PCT/US2003/030365
Other languages
French (fr)
Other versions
WO2004031898A2 (en
Inventor
Mario Girouard
Original Assignee
Electronic Data Syst Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Priority to US10/259,763 priority Critical patent/US20040064726A1/en
Priority to US10/259,763 priority
Application filed by Electronic Data Syst Corp filed Critical Electronic Data Syst Corp
Publication of WO2004031898A2 publication Critical patent/WO2004031898A2/en
Publication of WO2004031898A3 publication Critical patent/WO2004031898A3/en

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/14Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
    • H04L63/1433Vulnerability analysis
    • GPHYSICS
    • G06COMPUTING; CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/50Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
    • G06F21/57Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
    • G06F21/577Assessing vulnerabilities and evaluating computer system security

Abstract

Vulnerabilities may be managed by receiving a vulnerability message (310) describing a profile of a computer system vulnerable to a threat, identifying one or more vulnerable systems (335) with the profile described in the received vulnerability message, the vulnerable systems having a vulnerability that may be exploited by the threat, and generating a display (345) that includes a list of the identified vulnerable systems.
PCT/US2003/030365 2002-09-30 2003-09-25 Vulnerability management and tracking system (vmts) WO2004031898A2 (en)

Priority Applications (2)

Application Number Priority Date Filing Date Title
US10/259,763 US20040064726A1 (en) 2002-09-30 2002-09-30 Vulnerability management and tracking system (VMTS)
US10/259,763 2002-09-30

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
AU2003278959A AU2003278959A1 (en) 2002-09-30 2003-09-25 Vulnerability management and tracking system (vmts)

Publications (2)

Publication Number Publication Date
WO2004031898A2 WO2004031898A2 (en) 2004-04-15
WO2004031898A3 true WO2004031898A3 (en) 2004-12-23

Family

ID=32029555

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US2003/030365 WO2004031898A2 (en) 2002-09-30 2003-09-25 Vulnerability management and tracking system (vmts)

Country Status (3)

Country Link
US (1) US20040064726A1 (en)
AU (1) AU2003278959A1 (en)
WO (1) WO2004031898A2 (en)

Families Citing this family (61)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040153666A1 (en) * 2003-02-05 2004-08-05 Sobel William E. Structured rollout of updates to malicious computer code detection definitions
US20040221176A1 (en) * 2003-04-29 2004-11-04 Cole Eric B. Methodology, system and computer readable medium for rating computer system vulnerabilities
US7885190B1 (en) 2003-05-12 2011-02-08 Sourcefire, Inc. Systems and methods for determining characteristics of a network based on flow analysis
US9118709B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9350752B2 (en) 2003-07-01 2016-05-24 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US20070113272A2 (en) 2003-07-01 2007-05-17 Securityprofiling, Inc. Real-time vulnerability monitoring
US8984644B2 (en) 2003-07-01 2015-03-17 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118711B2 (en) * 2003-07-01 2015-08-25 Securityprofiling, Llc Anti-vulnerability system, method, and computer program product
US9118710B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc System, method, and computer program product for reporting an occurrence in different manners
US9100431B2 (en) 2003-07-01 2015-08-04 Securityprofiling, Llc Computer program product and apparatus for multi-path remediation
US9118708B2 (en) 2003-07-01 2015-08-25 Securityprofiling, Llc Multi-path remediation
US7698275B2 (en) * 2004-05-21 2010-04-13 Computer Associates Think, Inc. System and method for providing remediation management
US8171555B2 (en) * 2004-07-23 2012-05-01 Fortinet, Inc. Determining technology-appropriate remediation for vulnerability
US20060018478A1 (en) * 2004-07-23 2006-01-26 Diefenderfer Kristopher G Secure communication protocol
US7774848B2 (en) * 2004-07-23 2010-08-10 Fortinet, Inc. Mapping remediation to plurality of vulnerabilities
US7539681B2 (en) * 2004-07-26 2009-05-26 Sourcefire, Inc. Methods and systems for multi-pattern searching
US8146072B2 (en) * 2004-07-30 2012-03-27 Hewlett-Packard Development Company, L.P. System and method for updating software on a computer
US7509676B2 (en) * 2004-07-30 2009-03-24 Electronic Data Systems Corporation System and method for restricting access to an enterprise network
US7665119B2 (en) * 2004-09-03 2010-02-16 Secure Elements, Inc. Policy-based selection of remediation
US7761920B2 (en) * 2004-09-03 2010-07-20 Fortinet, Inc. Data structure for policy-based remediation selection
US20060075503A1 (en) * 2004-09-13 2006-04-06 Achilles Guard, Inc. Dba Critical Watch Method and system for applying security vulnerability management process to an organization
US7720031B1 (en) * 2004-10-15 2010-05-18 Cisco Technology, Inc. Methods and devices to support mobility of a client across VLANs and subnets, while preserving the client's assigned IP address
US20060101519A1 (en) * 2004-11-05 2006-05-11 Lasswell Kevin W Method to provide customized vulnerability information to a plurality of organizations
US8065712B1 (en) * 2005-02-16 2011-11-22 Cisco Technology, Inc. Methods and devices for qualifying a client machine to access a network
GB2424291A (en) * 2005-03-17 2006-09-20 Itc Internetwise Ltd Blocking network attacks based on device vulnerability
US7571483B1 (en) * 2005-08-25 2009-08-04 Lockheed Martin Corporation System and method for reducing the vulnerability of a computer network to virus threats
US20070169199A1 (en) * 2005-09-09 2007-07-19 Forum Systems, Inc. Web service vulnerability metadata exchange system
US7733803B2 (en) * 2005-11-14 2010-06-08 Sourcefire, Inc. Systems and methods for modifying network map attributes
US8046833B2 (en) 2005-11-14 2011-10-25 Sourcefire, Inc. Intrusion event correlation with network discovery information
US20070147594A1 (en) * 2005-12-22 2007-06-28 Jeffrey Aaron Methods, systems, and computer program products for billing for trust-based services provided in a communication network
US7948988B2 (en) * 2006-07-27 2011-05-24 Sourcefire, Inc. Device, system and method for analysis of fragments in a fragment train
US7701945B2 (en) * 2006-08-10 2010-04-20 Sourcefire, Inc. Device, system and method for analysis of segments in a transmission control protocol (TCP) session
US20080072321A1 (en) * 2006-09-01 2008-03-20 Mark Wahl System and method for automating network intrusion training
CA2672908A1 (en) * 2006-10-06 2008-04-17 Sourcefire, Inc. Device, system and method for use of micro-policies in intrusion detection/prevention
US8069352B2 (en) * 2007-02-28 2011-11-29 Sourcefire, Inc. Device, system and method for timestamp analysis of segments in a transmission control protocol (TCP) session
CA2685292C (en) * 2007-04-30 2013-09-24 Sourcefire, Inc. Real-time user awareness for a computer network
US8166551B2 (en) * 2007-07-17 2012-04-24 Oracle International Corporation Automated security manager
JP5077427B2 (en) * 2008-03-21 2012-11-21 富士通株式会社 Measure selecting program, the measure selecting apparatus and measures selection method
US8474043B2 (en) * 2008-04-17 2013-06-25 Sourcefire, Inc. Speed and memory optimization of intrusion detection system (IDS) and intrusion prevention system (IPS) rule processing
WO2010045089A1 (en) 2008-10-08 2010-04-22 Sourcefire, Inc. Target-based smb and dce/rpc processing for an intrusion detection system or intrusion prevention system
US8069471B2 (en) 2008-10-21 2011-11-29 Lockheed Martin Corporation Internet security dynamics assessment system, program product, and related methods
US20100205014A1 (en) * 2009-02-06 2010-08-12 Cary Sholer Method and system for providing response services
JP5809238B2 (en) 2010-04-16 2015-11-10 シスコ テクノロジー,インコーポレイテッド System and method for near-real-time network attack detection and a system and method for integrating detection by the detection routing,
US8955109B1 (en) * 2010-04-30 2015-02-10 Symantec Corporation Educating computer users concerning social engineering security threats
US8433790B2 (en) 2010-06-11 2013-04-30 Sourcefire, Inc. System and method for assigning network blocks to sensors
US8671182B2 (en) 2010-06-22 2014-03-11 Sourcefire, Inc. System and method for resolving operating system or service identity conflicts
US8601034B2 (en) 2011-03-11 2013-12-03 Sourcefire, Inc. System and method for real time data awareness
US9141805B2 (en) * 2011-09-16 2015-09-22 Rapid7 LLC Methods and systems for improved risk scoring of vulnerabilities
WO2014021866A1 (en) * 2012-07-31 2014-02-06 Hewlett-Packard Development Company, L.P. Vulnerability vector information analysis
US20140157184A1 (en) * 2012-11-30 2014-06-05 International Business Machines Corporation Control of user notification window display
US20160178796A1 (en) * 2014-12-19 2016-06-23 Marc Lauren Abramowitz Dynamic analysis of data for exploration, monitoring, and management of natural resources
US9253203B1 (en) 2014-12-29 2016-02-02 Cyence Inc. Diversity analysis with actionable feedback methodologies
US10050990B2 (en) 2014-12-29 2018-08-14 Guidewire Software, Inc. Disaster scenario based inferential analysis using feedback for extracting and combining cyber risk information
US10341376B2 (en) * 2014-12-29 2019-07-02 Guidewire Software, Inc. Diversity analysis with actionable feedback methodologies
US9521160B2 (en) 2014-12-29 2016-12-13 Cyence Inc. Inferential analysis using feedback for extracting and combining cyber risk information
US9699209B2 (en) 2014-12-29 2017-07-04 Cyence Inc. Cyber vulnerability scan analyses with actionable feedback
WO2017078986A1 (en) 2014-12-29 2017-05-11 Cyence Inc. Diversity analysis with actionable feedback methodologies
US10050989B2 (en) 2014-12-29 2018-08-14 Guidewire Software, Inc. Inferential analysis using feedback for extracting and combining cyber risk information including proxy connection analyses
US10140453B1 (en) 2015-03-16 2018-11-27 Amazon Technologies, Inc. Vulnerability management using taxonomy-based normalization
US9977905B2 (en) * 2015-10-06 2018-05-22 Assured Enterprises, Inc. Method and system for identification of security vulnerabilities
US10235528B2 (en) * 2016-11-09 2019-03-19 International Business Machines Corporation Automated determination of vulnerability importance

Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4866707A (en) * 1987-03-03 1989-09-12 Hewlett-Packard Company Secure messaging systems
US5787000A (en) * 1994-05-27 1998-07-28 Lilly Software Associates, Inc. Method and apparatus for scheduling work orders in a manufacturing process
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US20020103569A1 (en) * 2001-01-31 2002-08-01 Mazur Steven L. Programmable logic controller driven inventory control systems and methods of use
US20030009696A1 (en) * 2001-05-18 2003-01-09 Bunker V. Nelson Waldo Network security testing
US20030187865A1 (en) * 2002-03-27 2003-10-02 Franklin Frisina Computer system for maintenance resource optimization

Family Cites Families (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6321338B1 (en) * 1998-11-09 2001-11-20 Sri International Network surveillance
AU2002244083A1 (en) * 2001-01-31 2002-08-12 Timothy David Dodd Method and system for calculating risk in association with a security audit of a computer network
US7010696B1 (en) * 2001-03-30 2006-03-07 Mcafee, Inc. Method and apparatus for predicting the incidence of a virus
US20040006704A1 (en) * 2002-07-02 2004-01-08 Dahlstrom Dale A. System and method for determining security vulnerabilities

Patent Citations (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4866707A (en) * 1987-03-03 1989-09-12 Hewlett-Packard Company Secure messaging systems
US5787000A (en) * 1994-05-27 1998-07-28 Lilly Software Associates, Inc. Method and apparatus for scheduling work orders in a manufacturing process
US6088804A (en) * 1998-01-12 2000-07-11 Motorola, Inc. Adaptive system and method for responding to computer network security attacks
US20020103569A1 (en) * 2001-01-31 2002-08-01 Mazur Steven L. Programmable logic controller driven inventory control systems and methods of use
US20030009696A1 (en) * 2001-05-18 2003-01-09 Bunker V. Nelson Waldo Network security testing
US20030187865A1 (en) * 2002-03-27 2003-10-02 Franklin Frisina Computer system for maintenance resource optimization

Also Published As

Publication number Publication date
AU2003278959A1 (en) 2004-04-23
US20040064726A1 (en) 2004-04-01
WO2004031898A2 (en) 2004-04-15
AU2003278959A8 (en) 2004-04-23

Similar Documents

Publication Publication Date Title
Maconachy et al. A model for information assurance: An integrated approach
TWI261769B (en) Maintenance and inspection system and method
EG23251A (en) High security lock and key blade combination.
TWI277317B (en) Methods and systems for operating a logical sensor network
TW462173B (en) Electronic access control system and method
GB2376765B (en) Multiple trusted computing environments with verifiable environment identities
WO2004093143A3 (en) Light emitting devices
SG139545A1 (en) Automatic detection and patching of vulnerable files
WO2004111785A3 (en) Event monitoring and management
WO2005024564A3 (en) Order processing
WO2005050364A3 (en) Distributed intrusion response system
WO2002052870A3 (en) Mobile emotional notification application
MY142244A (en) Network load balancing with host status information
WO2007062086A3 (en) Domain name system security network
TW200409006A (en) Security device and system
TWI336043B (en) Delegated administration of a hosted resource
AU2003296056A1 (en) Information management system
AU2003224824A1 (en) Security system
TW200518521A (en) Network isolation techniques suitable for virus protection
AU2003213916A1 (en) Coding, tracking and reporting negotiable items and related non-negotiable documents
EP1552454A4 (en) Media monitoring, management and information system
TW200619972A (en) High performance computing system and method
WO2004090675A3 (en) System and method for performing storage operations through a firewall
WO2005017683A3 (en) System for managing conditions
MXPA05007141A (en) Model-based management of computer systems and distributed applications.

Legal Events

Date Code Title Description
AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW MZ SD SL SZ TZ UG ZM ZW AM AZ BY KG KZ MD RU TJ TM AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HU IE IT LU MC NL PT RO SE SI SK TR BF BJ CF CG CI CM GA GN GQ GW ML MR NE SN TD TG

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AG AL AM AT AU AZ BA BB BG BR BY BZ CA CH CN CO CR CU CZ DE DK DM DZ EC EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MA MD MG MK MN MW MX MZ NI NO NZ OM PG PH PL PT RO RU SC SD SE SG SK SL SY TJ TM TN TR TT TZ UA UG UZ VC VN YU ZA ZM ZW

121 Ep: the epo has been informed by wipo that ep was designated in this application
DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
122 Ep: pct app. not ent. europ. phase
WWW Wipo information: withdrawn in national office

Country of ref document: JP

NENP Non-entry into the national phase in:

Ref country code: JP